Redirect problem

Hi, Running Windows XP, Service Pack 3, Internet Explorer 8. When I do a Google Search and click on a destination it gets redirected. I have run numerous scans and virus checks. After cleaning my computer, it still redirects. I tried running the tasks in your 'do this first' post and also tried some other things (running Ad-Aware, Fix-It Utilities 11 - deleted them when they didn't fix the problem before trying something else; emptying prefetch file, etc.) Below are the log files from the 'do this first' tasks:

(Thanks in advance! Any help will be appreciated. I am not an advanced computer user and I am trying to avoid having to reinstall Windows. Just doing this much was a challenge!)

You can delete the extra IE icon, you would only need one. Here is the Adblock for IE
http://simple-adblock.com/

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Cathy, that only removed the rootkit; there likely are more infected files on there. Even though MBA-M had removed some, the rootkit would likely have brought in more that it would not allow MBA-M to clean at that time, or others which could not be found by MBA-M.

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

OK, I guess I will admit to my screw up first. When I went to the link for combofix, I clicked on the wrong link. I clicked on the green download box. It is under the heading combofix and doesn't say it is something else. It was Registry Reviver. I downloaded, but wasn't sure about it, so I went to the page and clicked for the info next to the download box and it still talked about combofix so I ran it. It doesn't seem to have hurt anything (it removed 25 of 137 things - I didn't want to pay for anything), but when I didn't have a combofix.txt file I knew for sure I had done the wrong thing. Sigh. I hope it didn't do any harm. I subsequently ran combofix and below is the combofix.txt file:

Well, the Registry Reviver is most definitely NOT a good program, in fact it is considered Rogue Software. You said it removed some files, it didn't happen to produce a log or do a backup did it?
At least you ran combofix AFTER installing it and not before, but it put itself into the registry when it installed so we're going to have to get rid of it also.

Go to Add/Remove and Uninstall it immediately.

Also I have another question, in the Combofix log Avanquest AntiVirus shows as being installed yesterday.

Why? You already had Avira, which is one of the top av programs available today; why did you install another antivirus program and one which certainly is much lower ranked? While Avira, or most anti-virus programs, do not stop a rootkit, Avira is one that, if configured correctly, will at least FIND a rootkit. Most rootkits do require special tools for removal, anti-virus programs usually don't remove them but Avira would certainly scan for them if configured to do so and would then give notification if one was found. I honestly don't know much about Avanquest except I haven't seen it on the lists of Top Ten av programs and I don't believe it is free but a paid program only. The only listings I have found say Free to try, meaning this is temporarily free and after a certain amount of time the program will expire and cease to work unless it is paid for.

Avanquest definitely did NOT show in previous logs.

The combofix logs also show that you also installed AdAware and Spybot yesterday. SpyBot is fine, AdAware, while not a bad program is just not what it used to be and is somewhat redundant if you have SpyBot on there.

I am chastised and hanging my head in shame. I have removed Registry Reviver. It makes me curious why the sites with the good stuff have the bad stuff so prominently at the top...

Yes, I installed Avanquest yesterday. Yes, I use Avira. Avira is my preferred Anti-Virus. Over the last several days, I tried a variety of programs to see if they would find things not previously found. I did the stuff in your 'do this before you post' and then I ran Avanquest and when it did not solve the problem, I removed it. Same with AdAware and Spybot. I tried both, and removed both. Then I gave up and asked for help, using the logs already on file.

I did not run anything after running TDSKiller last night, until today's adventure with Registry Retriever and Combobox.

This computer has Avira for anti-virus and Malwarebytes for malware.

Does the Combobox log suggest my system is ok or do I need to run something else as well now?

I was interested that Combobox said Microsoft Windows recovery console was not installed or needed updates (I selected yes to fix). Is that related to why there were no restore points? I have found on a number of occasions that when one of the family computers has been infected with something malicious that the restore points have been wiped. Is there some way to protect the restore points?

Hey, not really your fault and no need to be ashamed, happens to people all the time. I agree totally with what you say here: "It makes me curious why the sites with the good stuff have the bad stuff so prominently at the top..." It happens a lot to people. One way to avoid that is use AdBlock on the browser, then those ads like that, and that is what those things are, ads. Then they don't even show.
Now we go forward;
We wouldn't recommend something that would not be compatible with your system so no worries there, but Combofix is a one time only tool, it isn't something you keep on the system.
We will remove that shortly.

The Recovery Console offered by combofix is really optional and not required.
Recovery Console and system restore are not the same thing. If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows Recovery Console to help you recover the system software. It really is very limited though.

System Restore is entirely different. System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not backup your data. If you delete or damage a file, System Restore will not recover it.
System Restore will NOT uninstall a program, INCLUDING an infection. In fact if you have installed a program and find you don't want it if you use System Restore it may leave you with much of the program but it just won't be listed in Add/Remove, making it much harder to uninstall. This also holds true for an infection. If you would try to go back to a time BEFORE the infection entered your computer, and you would really have to almost know the exact minute it came onto the computer, then all you would do is make it harder to remove. The infected files may not be listed anymore but likely would still be there but harder to remove. System Restore is meant to restore from very RECENT changes like just a day or two, not weeks.
System Restore only keeps the points for a short time, depending on how much disk space you have allotted for it. Once that space is filled up then old points are deleted. I keep my System Restore very small, gives me more disk space and also that way I don't have weeks and weeks of old restore points. I wouldn't want them anyway.

I would like you to UPDATE MBA-M, do a Full Scan with it and have it Remove Everything it finds. Reboot. Post back here with the log, even if it shows clean, I need to see it.

Then do this:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer or Firefox to complete this scan and you will need to allow an Active X to be installed.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Good, got rid of that RegistryReviver and look at the files removed from System Restore.
Ok, let's remove combofix:
Uninstall Combofix:
Go Start > Run
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK.
Restart computer.
Your installed programs list doesn't show any Java installed, it shows a Java Updater, which is useless really but no Java.
You do need Java to view many websites correctly.
Go to this site and install the most recent version

Then;
You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
Also reduce the size to about 5% by moving the slider so that the size is reduced.

I would also recommend that you add this superb protection program: SpywareBlaster from Javacool
SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Download, install, update, Enable All protection and close the program. Manually check for updates every couple weeks and when there is an update follow the procedure above. This program really offers top notch FREE protection in addition to your other programs and it is compatible with all other security programs.
If all is well I think you are good to go, unless you have other questions or other concerns.
Judy

The restore tab was already check marked 'shut down', so I unchecked it and reduced the size.

Oddly, I have a new icon on the desktop for Internet Explorer. I am not sure when that appeared. I only just noticed it after doing everything else. The new icon does not have the shortcut symbol on it. The icon I had been using was a shortcut icon. Can I delete the extra one? (If it was a shortcut I probably wouldn't ask.)

In one of your previous replies, you mentioned an ad blocker. What do you recommend?

I appreciate your help getting this cleaned up. I will watch it for a few days and let you know how it goes. Thanks again.

You might consider Firefox, it is a more secure browser, slightly different from IE but generally faster, easily configured. I have used it for years, rarely use IE anymore unless I have to use it. http://www.mozilla.com/en-US/firefox/new/

You do need to make certain you have proper security settings for IE. You want to be certain that 3rd party cookies are blocked, those are ones that are from ads on a web page and you don't want those, you only want the ones from the site you are visiting.
In IE go to Tools, Internet Options, Privacy, Advanced button. Make sure there is a dot in Allow 1st party cookies and a dot in the Don't Allow 3rd Party cookies and a check mark in allow session cookies.
Ok, your way out.